Unless otherwise noted in the bounty's readme, bounty submissions are judged by the sponsor team. The following guidelines apply to sponsor-judged bounties.
Sponsors are responsible for reviewing and assessing submitted findings, and providing a written response indicating their determination, within 7 days of submission.
Code4rena typically shares sponsors' written responses with the warden who reported the finding within 1-2 business days of receipt.
Wardens may choose to appeal a sponsor's verdict for a Code4rena bounty submission, if they wish to formally contest the assessed validity and/or risk level of one or more findings.
In the event of a judge appeal or final appeal, judge(s) are selected by Code4rena staff, and the appointed judges apply the bounty judging criteria to the relevant findings.
- If a sponsor does not submit a written response within 7 days, the warden has 14 days from the date of submission to file a judge appeal, with a judge appeal deposit of $1,000 USDC per appealed issue paid by the sponsor.
- If a sponsor submits a written response, the warden has 7 days from the date of the written response to file a judge appeal, with a judge appeal deposit of $400 USDC per appealed finding paid by the warden.
- Code4rena collects the judge appeal deposit.
- A Code4rena judge reviews the evidence and assesses the validity and risk level of the appealed submission.
- If the judge rules in favor of the warden, the $400 court fee is charged to the sponsor, and the warden's appeal deposit is returned.
- If the judge rules that the submission is not a valid High or Critical severity finding, the $400 court fee is not refunded.
To file an appeal, wardens should:
- log into their Code4rena user account
- submit a Help Desk request with the subject "Bug bounty appeal," and include:
- the name of the bug bounty
- the title of their bounty submission
The timestamp of the Help Desk request submission will be used to determine whether the appeal was filed within the requisite 7 day limit.
Code4rena staff will respond within 1-2 business days, via a private thread in the C4 Discord server, to collect the $400 deposit and initiate the appeal process.
In the event that a sponsor or warden objects to a judge's decision, either party may initiate a final appeal by:
- making a written request for a final appeal within 2 business days of a judge’s decision, and
- making a payment of $1,200 USDC to cover court costs.
Final appeals are reviewed and judged by a panel of three Code4rena judges.
Court fees are handled as follows:
- If the sponsor initiates the final appeal, no refund is made.
- If the warden initiates the final appeal and the panel rules that their appealed finding is a valid Critical or High severity finding, the court fees are charged to the sponsor.
- If a warden initiates the final appeal and the panel rules that their appealed finding is not a valid Critical or High severity finding, no refund is made.
Decisions made by the panel are binding and final with respect to a finding’s validity, severity, and remuneration due to the warden who reported the finding.